
desktop-packages team mailing list archive

[Bug 1471949] Re: Firefox 39 crashes on startup or within a few seconds on Precise/x86

Here's the disassembly from a good build with vanilla gcc 4.8.4. It's
basically identical, but it contains 3 extra instructions that are
missing from the broken build.

   0xf57fe991 <+1729>:  mov    0xa0(%ebp),%edx
   0xf57fe997 <+1735>:  mov    0x84(%esp),%esi // %esi now points to |pn|
   0xf57fe99e <+1742>:  add    $0x18,%edx
   0xf57fe9a1 <+1745>:  cmpl   $0xfe,0x28(%esp) // Compare |hops| with 254 (FREE_LEVEL - 1)
   0xf57fe9a9 <+1753>:  mov    %al,0x2(%esi) // Calls pn->SetOp(op)
   0xf57fe9ac <+1756>:  mov    0x34(%esp),%eax // %eax now contains |slot|
   0xf57fe9b0 <+1760>:  ja     0xf57fea10 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1856> // Jump if |hops| > 254
   0xf57fe9b2 <+1762>:  cmp    $0xffffff,%eax // Compare |slot| with 0xffffff
   0xf57fe9b7 <+1767>:  ja     0xf57fe9f9 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1833> // Jump if |slot| > 0xffffff
   0xf57fe9b9 <+1769>:  mov    0x84(%esp),%esi // %esi now points to |pn|
   0xf57fe9c0 <+1776>:  shl    $0x8,%eax // Left shift new |slot| value by 8 bits

// These next 3 instructions are missing in the broken build
   0xf57fe9c3 <+1779>:  mov    $0x1,%edi
   0xf57fe9c8 <+1784>:  movzbl 0x28(%esp),%edx // %edx now contains |hops|
   0xf57fe9cd <+1789>:  mov    %dl,0x20(%esi) // Save |hops| into |level_| in pn->pn_u.name.cookie

   0xf57fe9d0 <+1792>:  mov    %eax,%edx // %edx now contains |slot|
   0xf57fe9d2 <+1794>:  movzbl 0x20(%esi),%eax // Load |level_| from pn->pn_u.name.cookie into %eax
   0xf57fe9d6 <+1798>:  or     %edx,%eax // %eax now contains the bitwise-OR of |level_| and new |slot| value
   0xf57fe9d8 <+1800>:  mov    %eax,0x20(%esi) // Save the new values to |level_| and |slot_| in pn->pn_u.name.cookie

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1471949

Title:
  Firefox 39 crashes on startup or within a few seconds on Precise/x86

Status in firefox package in Ubuntu:
  Invalid
Status in firefox source package in Precise:
  Triaged

Bug description:
  This is blocking publication of Firefox 39.

  The build for x86 on 12.04 currently crashes on startup, or within a
  few seconds of startup. It's basically unusable. An example crash
  report is:
  https://crash-stats.mozilla.com/report/index/d0d97dbb-f6bc-4e4d-88ff-e5fff2150702.

  Unfortunately, despite the warning in the PPA description for
  https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa,
  ordinary users are still installing pre-release packages from it.

  It works on all other releases and on Precise/x86-64. I did test
  Firefox 39 with this toolchain when it was still the nightly version
  whilst preparing the switch to GCC 4.8, and it worked fine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1471949/+subscriptions
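As an added illustration (not code from the bug report or from SpiderMonkey), the C model below reproduces the cookie packing the disassembly shows: range-check |hops| against 254 and |slot| against 0xffffff, store the hops byte at +0x20, then OR the slot shifted left by 8 with that byte. A second variant omits the three instructions missing from the broken build, so whatever byte was already in memory survives as |level_|. Constant and function names are this example's assumptions; the initial cookie contents are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed layout of the 32-bit word at pn+0x20: low byte = level_ (hops),
 * upper 24 bits = slot_. x86 is little-endian, so the byte at +0x20 that
 * the disassembly loads and stores is the low byte of this word. */
#define FREE_LEVEL 0xffu
#define MAX_SLOT   0xffffffu

static uint32_t cookie_level(uint32_t cookie) { return cookie & 0xffu; }
static uint32_t cookie_slot(uint32_t cookie)  { return cookie >> 8; }

/* Good build: both range checks, then the hops byte is written to
 * level_ before being OR'ed back together with the shifted slot. */
static bool set_cookie_good(uint32_t *cookie, uint32_t hops, uint32_t slot) {
    if (hops > FREE_LEVEL - 1) return false;          /* cmpl $0xfe; ja   */
    if (slot > MAX_SLOT) return false;                /* cmp $0xffffff; ja */
    *cookie = (*cookie & ~0xffu) | (hops & 0xffu);    /* mov %dl,0x20(%esi) */
    *cookie = (slot << 8) | cookie_level(*cookie);    /* movzbl; or; mov   */
    return true;
}

/* Broken build: identical except the store of hops into level_ is gone,
 * so the OR picks up the stale byte that happened to be at +0x20. */
static bool set_cookie_broken(uint32_t *cookie, uint32_t hops, uint32_t slot) {
    if (hops > FREE_LEVEL - 1) return false;
    if (slot > MAX_SLOT) return false;
    (void)hops;                                       /* never stored */
    *cookie = (slot << 8) | cookie_level(*cookie);
    return true;
}

int main(void) {
    /* Constructed stale memory contents for the cookie word. */
    uint32_t good = 0x12345678u, broken = 0x12345678u;
    set_cookie_good(&good, 2, 5);
    set_cookie_broken(&broken, 2, 5);
    printf("good:   level=%u slot=%u\n", cookie_level(good), cookie_slot(good));
    printf("broken: level=%u slot=%u\n", cookie_level(broken), cookie_slot(broken));
    return 0;
}
```

With the stale low byte 0x78 in the broken variant, the name resolves to level 120 instead of 2; a stale 0xff would read as FREE_LEVEL, which matches the symptom of an otherwise identical build crashing almost immediately.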